The service company SPI Dynamics has described a means of carrying out a JavaScript port scan from a web browser. If an attacker were to place such a script on their website, they would be able to scout out the user's network, even if it is protected behind a firewall. In combination with cross site scripting vulnerabilities this could become a security risk. SPI Dynamics outlines in their document how the attack works and links to an example script, which will locate all the web servers on the user's intranet and determine the type of server.